]> git.decadent.org.uk Git - nfs-utils.git/blobdiff - utils/gssd/gssd.man
projects / nfs-utils.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use newly added keytab functions
[nfs-utils.git] / utils / gssd / gssd.man
diff --git a/utils/gssd/gssd.man b/utils/gssd/gssd.man
index f2ecd69995f589832198066f78b90136bceba951..8da10b22defacc34de5ca8c7ffc143d5e054c4c8 100644 (file)
--- a/utils/gssd/gssd.man
+++ b/utils/gssd/gssd.man
@@ -45,14 +45,25 @@ to use the keys found in
 .I keytab
 to obtain "machine credentials".
 The default value is "/etc/krb5.keytab".
+.IP
 Previous versions of
 .B rpc.gssd
 used only "nfs/*" keys found within the keytab.
-Now, the first keytab entry for each distinct Kerberos realm
-within the keytab is used.  This means that an NFS client
-no longer needs an "nfs/hostname" principal and keytab entry,
-but can instead use a "host/hostname" (or any other) keytab
-entry that is available.
+To be more consistent with other implementations, we now look for
+specific keytab entries.  The search order for keytabs to be used
+for "machine credentials" is now:
+.br
+  root/<hostname>@<REALM>
+.br
+  nfs/<hostname>@<REALM>
+.br
+  host/<hostname>@<REALM>
+.br
+  root/<anyname>@<REALM>
+.br
+  nfs/<anyname>@<REALM>
+.br
+  host/<anyname>@<REALM>
 .TP
 .B -p path
 Tells
Debian package of nfs-utils